[zanata-client/f20] patch for SNI
Patrick Huang
pahuang at fedoraproject.org
Fri Jul 18 04:06:46 UTC 2014
commit cdb6ad9ff190d67ff6ade3863aa0f4ff2b6c69e4
Author: Patrick Huang <pahuang at redhat.com>
Date: Fri Jul 18 00:06:26 2014 -0400
patch for SNI
sni.patch | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 88 insertions(+), 0 deletions(-)
---
diff --git a/sni.patch b/sni.patch
new file mode 100644
index 0000000..7772d0b
--- /dev/null
+++ b/sni.patch
@@ -0,0 +1,88 @@
+diff --git pom.xml pom.xml
+index e605ef1..773e5ca 100644
+--- pom.xml
++++ pom.xml
+@@ -175,7 +175,7 @@
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+- <version>4.3.3</version>
++ <version>4.2.5</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>commons-logging</artifactId>
+diff --git zanata-rest-client/src/main/java/org/zanata/rest/client/ZanataProxyFactory.java zanata-rest-client/src/main/java/org/zanata/rest/client/ZanataProxyFactory.java
+index 9a59c61..7d1fb4b 100644
+--- zanata-rest-client/src/main/java/org/zanata/rest/client/ZanataProxyFactory.java
++++ zanata-rest-client/src/main/java/org/zanata/rest/client/ZanataProxyFactory.java
+@@ -9,6 +9,7 @@ import java.net.Socket;
+ import java.net.URI;
+ import java.net.URISyntaxException;
+ import java.net.URL;
++import java.net.UnknownHostException;
+ import java.security.SecureRandom;
+ import java.security.cert.CertificateException;
+ import java.security.cert.X509Certificate;
+@@ -29,6 +30,7 @@ import org.apache.http.conn.scheme.Scheme;
+ import org.apache.http.conn.ssl.SSLSocketFactory;
+ import org.apache.http.conn.ssl.X509HostnameVerifier;
+ import org.apache.http.impl.client.DefaultHttpClient;
++import org.apache.http.params.HttpParams;
+ import org.apache.http.protocol.HttpContext;
+ import org.apache.maven.artifact.versioning.DefaultArtifactVersion;
+ import org.jboss.resteasy.client.ClientExecutor;
+@@ -137,28 +139,34 @@ public class ZanataProxyFactory implements ITranslationResourcesFactory {
+
+ sslContext.init(null, trustAllCerts, new SecureRandom());
+
+- SSLSocketFactory factory = new SSLSocketFactory(sslContext) {
+- @Override
+- public Socket connectSocket(
+- int connectTimeout,
+- Socket socket,
+- HttpHost host,
+- InetSocketAddress remoteAddress,
+- InetSocketAddress localAddress,
+- HttpContext context) throws IOException,
+- ConnectTimeoutException {
+- if (socket instanceof SSLSocket) {
+- try {
+- PropertyUtils.setProperty(socket, "host",
+- host.getHostName());
+- } catch (Exception ex) {
+- log.warn("Unable to enable SNI; you may have trouble connecting to some secure hosts. Please ensure that you are running Java 1.7 or later.");
++ SSLSocketFactory factory;
++ if (sslCertDisabled) {
++ // avoid triggering the problem described here:
++ // https://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0
++ factory = new SSLSocketFactory(sslContext);
++ } else {
++ factory = new SSLSocketFactory(sslContext) {
++ // NB: This is only for httpcomponents-client 4.2, not 4.3
++ @Override
++ public Socket connectSocket(Socket socket,
++ InetSocketAddress remoteAddress,
++ InetSocketAddress localAddress,
++ HttpParams params)
++ throws IOException, UnknownHostException,
++ ConnectTimeoutException {
++ if (socket instanceof SSLSocket) {
++ try {
++ PropertyUtils.setProperty(socket, "host",
++ remoteAddress.getHostName());
++ } catch (Exception ex) {
++ log.warn("Unable to enable SNI; you may have trouble connecting to some secure hosts. Please ensure that you are running Java 1.7 or later.");
++ }
+ }
++ return super.connectSocket(socket, remoteAddress,
++ localAddress, params);
+ }
+- return super.connectSocket(connectTimeout, socket, host, remoteAddress,
+- localAddress, context);
+- }
+- };
++ };
++ }
+
+ HttpClient client = new DefaultHttpClient();
+
More information about the scm-commits
mailing list